BID:17567

PHPGraphy Index.PHP Unauthorized Access Vulnerability

Info

PHPGraphy Index.PHP Unauthorized Access Vulnerability

Bugtraq ID:	17567
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 17 2006 12:00AM
Updated:	Apr 18 2006 04:06PM
Credit:	rgod is credited with the discovery of this vulnerability.
Vulnerable:	phpGraphy phpGraphy 0.9.12 rc1 phpGraphy phpGraphy 0.9.9 a phpGraphy phpGraphy 0.9 .11 phpGraphy phpGraphy 0.9 .10

Not Vulnerable:	phpGraphy phpGraphy 0.9.12

Discussion

PHPGraphy Index.PHP Unauthorized Access Vulnerability

phpGraphy is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly validate credentials before granting access to sensitive scripts.

An attacker can exploit this issue to inject arbitrary script code into pages of the application; other attacks are also possible.

Exploit / POC

PHPGraphy Index.PHP Unauthorized Access Vulnerability

This issue can be exploited through use of a web client.

Solution / Fix

PHPGraphy Index.PHP Unauthorized Access Vulnerability

Solution:
The vendor has released version 0.9.12 to address this issue.

phpGraphy phpGraphy 0.9 .11

phpGraphy phpgraphy-0.9.12.tar.gz
http://prdownloads.sourceforge.net/phpgraphy/phpgraphy-0.9.12.tar.gz

phpGraphy phpGraphy 0.9 .10

phpGraphy phpgraphy-0.9.12.tar.gz
http://prdownloads.sourceforge.net/phpgraphy/phpgraphy-0.9.12.tar.gz

phpGraphy phpGraphy 0.9.12 rc1

phpGraphy phpgraphy-0.9.12.tar.gz
http://prdownloads.sourceforge.net/phpgraphy/phpgraphy-0.9.12.tar.gz

phpGraphy phpGraphy 0.9.9 a

phpGraphy phpgraphy-0.9.12.tar.gz
http://prdownloads.sourceforge.net/phpgraphy/phpgraphy-0.9.12.tar.gz

References

PHPGraphy Index.PHP Unauthorized Access Vulnerability

References:

PHPGraphy <= 0.9.11 'editwelcome' unauthorized access / cross site scripting (rgod)
phpGraphy Homepage (phpGraphy)